Perhaps you should let the software vendor know this. They recommended this solution to me when I had the problem with the product. The solution works and I have never had an issue with it.
Lance ----- Original Message ----- From: "Mikael Olsson" <[EMAIL PROTECTED]> To: "ecklesd" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; "Navin Mehra/MUM/IN/STTL" <[EMAIL PROTECTED]> Sent: Wednesday, June 12, 2002 4:29 AM Subject: Re: PcAnywhere connection > > > ecklesd wrote: > > > > To allow pcANYWHERE remote workstations outside a firewall to connect to > > hosts inside the firewall, you must open ports 5631 and port 5632 as you > > have done. For the remote workstation , ensure that incoming TCP connections > > are allowed from any port from 1024-5000 outside the firewall to port 5631 > > inside the firewall. > > Limiting the source port span to 1024--5000 is not a good idea. > Windows boxes, if left with the default settings, will indeed use > 1024--5000, inclusive, but as soon as a NATing firewall gets involved, > you'll see anything between 1024 and 65535. > > Limiting the source span to 1024--5000 buys you no additional > security, since those ports are exactly the ports any attacker > will be using by default. (Unless they're sitting behind a NATing > firewall, which they likely won't be doing, as it is an unnecessary > obstacle for them.) > > > Regards, > Mikael Olsson > > -- > Mikael Olsson, Clavister AB > Storgatan 12, Box 393, SE-891 28 �RNSK�LDSVIK, Sweden > Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 > Fax: +46 (0)660 122 50 WWW: http://www.clavister.com > > "Senex semper diu dormit" > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > For Account Management (unsubscribe, get/change password, etc) Please go to: > http://lists.gnac.net/mailman/listinfo/firewalls > -- Firewalls mailing list - [ [EMAIL PROTECTED] ] To unsubscribe: http://www.isc.org/services/public/lists/firewalls.html
